On Fri, Apr 03, 2020 at 08:54:40PM -0700, Andy Lutomirski wrote:
>
>
> > On Apr 3, 2020, at 3:08 PM, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
> >
> > On Fri, Apr 03, 2020 at 08:50:08AM -0700, Casey Schaufler wrote:
> >>> How does smackfs interact with namespaces?
> >>
> >> Smack attributes are global. Aside from privilege issues, namespaces
> >> ignore and are ignored by Smack.
> >
> > Okay.
> >
> > For SGX, I foresee things as:
> >
> > 1. Existing files are global.
> > 2. If a policy of any kind is ever added it needs to be *per container*.
> >    I'm not sure whether PID or user namespace is the right choice here,
> >    but it does not matter right now as the feature is not in the queue.
> >
> > To summarize:
> >
> > 1. We have a heterogeneous set of files (i.e. 'enclave' and 'provision'
> >    are not "different sames").
> > 2. The files probably will have heterogeneous visibility requirements.
> >
> > I think based on these premises its own file system would be a more decent
> > choice than populating /dev. Besides, SGX hasn't been a driver for a
> > while.
> >
> > Andy, what do you think of this?
>
> Probably okay. There are two semantic questions you’ll have to address, though:
>
> - What happens if you mount sgxfs twice? Do you get two copies that can
>   diverge from each other, or do you get two views of the same thing?
>
> - Can it be instantiated from outside the root initns?
>
> It’s certainly conceptually simpler to stick with device nodes. Why exactly
> is Ubuntu noexecing /dev?

I'm retreating this given that we have reasonable means to drive an exception
to the /dev configuration.

Thanks Jethro for helping with this one!

/Jarkko
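The thread turns on whether /dev is mounted with `noexec`, since a device node on a `noexec` mount cannot be mapped executable. The following is an added example, not code from the thread or from the kernel SGX driver: a POSIX shell check that reads mountinfo-format lines (the format of /proc/self/mountinfo, where field 5 is the mount point and field 6 holds the per-mount flags) and reports whether a given mount point carries `noexec`. The sample mountinfo lines are constructed for the demonstration; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a mount point carries
# the noexec flag, using mountinfo-format input such as /proc/self/mountinfo.

# Usage: mount_has_noexec MOUNTPOINT [MOUNTINFO_FILE]
# Prints "noexec" (exit 0), "exec" (exit 1) or "not mounted" (exit 2).
mount_has_noexec() {
    mp="$1"
    file="${2:-/proc/self/mountinfo}"
    # Field 5 is the mount point, field 6 the per-mount options
    # (rw, nosuid, nodev, noexec, relatime, ...). Later lines shadow
    # earlier ones when something is mounted over the same point, so
    # keep the last match.
    opts=$(awk -v mp="$mp" '$5 == mp { print $6 }' "$file" | tail -n 1)
    if [ -z "$opts" ]; then
        echo "not mounted"
        return 2
    fi
    # Wrap in commas so "noexec" is matched as a whole option only.
    case ",$opts," in
        *,noexec,*) echo noexec; return 0 ;;
        *)          echo exec;   return 1 ;;
    esac
}

# Constructed sample in /proc/self/mountinfo layout: a devtmpfs /dev mounted
# noexec (the configuration the thread asks about), a root fs without it,
# and a noexec /tmp.
sample_mountinfo() {
    cat <<'EOF'
27 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
21 27 0:5 / /dev rw,nosuid,noexec,relatime shared:2 - devtmpfs udev rw,size=8k,nr_inodes=1k,mode=755
30 27 0:23 / /tmp rw,nosuid,nodev,noexec,relatime shared:5 - tmpfs tmpfs rw
EOF
}

# Stand-alone demonstration on the constructed sample.
tmp=$(mktemp)
sample_mountinfo > "$tmp"
for mp in /dev /tmp /; do
    printf '%s: %s\n' "$mp" "$(mount_has_noexec "$mp" "$tmp")"
done
rm -f "$tmp"
```

Run without a second argument, the function inspects the live system, so a deployment or container start-up script can verify the /dev mount flags before relying on executable mappings of a device node.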